rpms/kernel
9
4
Fork 6
Code Issues Pull Requests Releases Activity
53ec6c7fe3
kernel/SOURCES
History
Andrew Lukoshko 53ec6c7fe3 Bump version to 5.14.0-687.5.4 
Refresh the dirtyfrag backport to upstream v5 and add the cifs.spnego
hardening patch.

  1102-net-skbuff-propagate-shared-frag-marker.patch
    Refreshed from upstream v3 to v5
    (https://lore.kernel.org/all/ageeJfJHwgzmKXbh@v4bel/). The v5
    series adds two skb_segment() hunks on top of v3: it folds
    frag_skb-> flags into nskb on the per-iteration flag merge, and
    fills the marker again when the inner switch rebinds frag_skb to
    a list_skb on head_skb-frags exhaustion. The other v5 site
    (tcp_clone_payload()) does not exist in 5.14 and is omitted.
    skb_try_coalesce() hunk is retained as in v3/v4 because the
    upstream commit that dropped it (f84eca581739) is only partially
    backported in 5.14 -- its skb_split() half is present, but the
    skb_try_coalesce() half is missing.

  1105-smb-client-reject-userspace-cifs.spnego-descriptions.patch
    Upstream commit 3da1fdf4efbc verbatim. Refuses userspace-created
    cifs.spnego keys via request_key(2)/add_key(2); only kernel CIFS
    using the private spnego_cred may create them. cifs.upcall
    treats the key description as kernel-originating
    pid/uid/creduid/upcall_target -- without this fence, userspace
    can spoof those fields.

All four patches verified to apply with patch -p1 -F0 against the
5.14.0-687.5.1.el9_8 source tree (no fuzz, no rejects).
2026-05-28 11:52:19 +00:00
..
0001-Enable-all-disabled-pci-devices-by-moving-to-unmaint.patch hpsa: bring back deprecated PCI ids #CFHack #CFHack2024 2025-05-23 11:07:05 +00:00
0001-Make-KVM-PMU-symbols-global-for-ppc64le-module-build.patch Sync with a9-beta 2026-05-28 11:47:13 +00:00
0001-proc-fix-a-dentry-lock-race-between-release_task-and-lookup.patch Sync with a9-beta 2026-05-28 11:47:13 +00:00
0002-Bring-back-deprecated-pci-ids-to-mptsas-mptspi-drive.patch Merge 9.4 beta patches 2024-04-30 16:35:25 +00:00
0003-Bring-back-deprecated-pci-ids-to-hpsa-driver.patch Merge 9.4 beta patches 2024-04-30 16:35:25 +00:00
0004-Bring-back-deprecated-pci-ids-to-qla2xxx-driver.patch hpsa: bring back deprecated PCI ids #CFHack #CFHack2024 2025-11-11 11:25:13 +00:00
0005-Bring-back-deprecated-pci-ids-to-lpfc-driver.patch Merge 9.4 beta patches 2024-04-30 16:35:25 +00:00
0006-Bring-back-deprecated-pci-ids-to-qla4xxx-driver.patch Merge 9.4 beta patches 2024-04-30 16:35:25 +00:00
0007-Bring-back-deprecated-pci-ids-to-be2iscsi-driver.patch Merge 9.4 beta patches 2024-04-30 16:35:25 +00:00
1100-xfrm-esp-avoid-in-place-decrypt-shared-skb-frags.patch Sync with a9-beta 2026-05-28 11:47:13 +00:00
1101-rxrpc-linearize-paged-frags.patch Add Dirty Frag + ptrace fixes (CVE-2026-43500, 46300, 46333) 2026-05-19 18:15:47 +00:00
1102-net-skbuff-propagate-shared-frag-marker.patch Bump version to 5.14.0-687.5.4 2026-05-28 11:52:19 +00:00
1103-ptrace-require-cap-on-mm-less-task.patch Add Dirty Frag + ptrace fixes (CVE-2026-43500, 46300, 46333) 2026-05-19 18:15:47 +00:00
1104-CVE-2026-31431-crypto-Copy-Fail-fixes.patch Sync with a9-beta 2026-05-28 11:47:13 +00:00
1105-smb-client-reject-userspace-cifs.spnego-descriptions.patch Bump version to 5.14.0-687.5.4 2026-05-28 11:52:19 +00:00
almalinuxdup1.x509 AlmaLinux changes 2022-05-17 19:58:49 +03:00
almalinuxima.x509 Merge branch 'c9' into a9 2023-11-07 19:00:18 +00:00
almalinuximaca1.x509 Merge branch 'c9' into a9 2023-11-07 19:00:18 +00:00
almalinuxkpatch1.x509 AlmaLinux changes 2022-05-17 19:58:49 +03:00
almalinuxnvidia1.x509 hpsa: bring back deprecated PCI ids #CFHack #CFHack2024 2025-05-24 15:30:44 +00:00
check-kabi import kernel-5.14.0-162.6.1.el9_1 2022-11-15 07:35:39 +00:00
cpupower.config import kernel-5.14.0-70.13.1.el9_0 2022-05-17 16:19:28 +00:00
cpupower.service import kernel-5.14.0-70.13.1.el9_0 2022-05-17 16:19:28 +00:00
dracut-virt.conf Sync with a9-beta 2026-05-28 11:47:13 +00:00
filter-aarch64.sh.rhel Revert OL modifications 2026-05-18 07:12:15 -04:00
filter-armv7hl.sh.rhel import kernel-5.14.0-70.13.1.el9_0 2022-05-17 16:19:28 +00:00
filter-modules.sh.rhel import CS kernel-5.14.0-611.5.1.el9_7 2025-11-11 10:54:11 +00:00
filter-ppc64le.sh.rhel Revert OL modifications 2026-05-18 07:12:15 -04:00
filter-s390x.sh.rhel Revert OL modifications 2026-05-18 07:12:15 -04:00
filter-x86_64.sh.rhel Revert OL modifications 2026-05-18 07:12:15 -04:00
gating.yaml import OL kernel-5.14.0-570.16.1.0.1.el9_6 2025-05-23 10:58:36 +00:00
generate_all_configs.sh import kernel-5.14.0-284.11.1.el9_2 2023-05-09 05:52:43 +00:00
kernel-aarch64-64k-debug-rhel.config Sync with a9-beta 2026-05-28 11:47:13 +00:00
kernel-aarch64-64k-rhel.config Sync with a9-beta 2026-05-28 11:47:13 +00:00
kernel-aarch64-debug-rhel.config Sync with a9-beta 2026-05-28 11:47:13 +00:00
kernel-aarch64-rhel.config Sync with a9-beta 2026-05-28 11:47:13 +00:00
kernel-aarch64-rt-64k-debug-rhel.config Sync with a9-beta 2026-05-28 11:47:13 +00:00
kernel-aarch64-rt-64k-rhel.config Sync with a9-beta 2026-05-28 11:47:13 +00:00
kernel-aarch64-rt-debug-rhel.config Sync with a9-beta 2026-05-28 11:47:13 +00:00
kernel-aarch64-rt-rhel.config Sync with a9-beta 2026-05-28 11:47:13 +00:00
kernel-local import kernel-5.14.0-70.13.1.el9_0 2022-05-17 16:19:28 +00:00
kernel-ppc64le-debug-rhel.config Sync with a9-beta 2026-05-28 11:47:13 +00:00
kernel-ppc64le-kvm-debug-rhel.config Sync with a9-beta 2026-05-28 11:47:13 +00:00
kernel-ppc64le-kvm-rhel.config Sync with a9-beta 2026-05-28 11:47:13 +00:00
kernel-ppc64le-rhel.config Sync with a9-beta 2026-05-28 11:47:13 +00:00
kernel-s390x-debug-rhel.config Sync with a9-beta 2026-05-28 11:47:13 +00:00
kernel-s390x-rhel.config Sync with a9-beta 2026-05-28 11:47:13 +00:00
kernel-s390x-zfcpdump-rhel.config Sync with a9-beta 2026-05-28 11:47:13 +00:00
kernel-x86_64-debug-rhel.config Sync with a9-beta 2026-05-28 11:47:13 +00:00
kernel-x86_64-rhel.config Sync with a9-beta 2026-05-28 11:47:13 +00:00
kernel-x86_64-rt-debug-rhel.config Sync with a9-beta 2026-05-28 11:47:13 +00:00
kernel-x86_64-rt-rhel.config Sync with a9-beta 2026-05-28 11:47:13 +00:00
kernel.changelog Sync with a9-beta 2026-05-28 11:47:13 +00:00
kernel.sbat.template Sync with a9-beta 2026-05-28 11:47:13 +00:00
kvm_stat.logrotate import kernel-5.14.0-70.13.1.el9_0 2022-05-17 16:19:28 +00:00
linux-kernel-test.patch import kernel-5.14.0-70.13.1.el9_0 2022-05-17 16:19:28 +00:00
Makefile.rhelver Sync with a9-beta 2026-05-28 11:47:13 +00:00
merge.pl import kernel-5.14.0-70.13.1.el9_0 2022-05-17 16:19:28 +00:00
mod-denylist.sh import kernel-5.14.0-70.13.1.el9_0 2022-05-17 16:19:28 +00:00
mod-extra.list.rhel import OL kernel-5.14.0-611.36.1.el9_7 2026-03-03 15:32:07 +00:00
mod-internal.list Sync with a9-beta 2026-05-28 11:47:13 +00:00
mod-partner.list import kernel-5.14.0-284.11.1.el9_2 2023-05-09 05:52:43 +00:00
mod-sign.sh import CS kernel-5.14.0-427.13.1.el9_4 2024-04-30 16:13:30 +00:00
Module.kabi_aarch64 Sync with a9-beta 2026-05-28 11:47:13 +00:00
Module.kabi_dup_aarch64 import kernel-5.14.0-70.13.1.el9_0 2022-05-17 16:19:28 +00:00
Module.kabi_dup_ppc64le import kernel-5.14.0-70.13.1.el9_0 2022-05-17 16:19:28 +00:00
Module.kabi_dup_s390x import kernel-5.14.0-70.13.1.el9_0 2022-05-17 16:19:28 +00:00
Module.kabi_dup_x86_64 import kernel-5.14.0-70.13.1.el9_0 2022-05-17 16:19:28 +00:00
Module.kabi_ppc64le Sync with a9-beta 2026-05-28 11:47:13 +00:00
Module.kabi_s390x Sync with a9-beta 2026-05-28 11:47:13 +00:00
Module.kabi_x86_64 Sync with a9-beta 2026-05-28 11:47:13 +00:00
parallel_xz.sh import kernel-5.14.0-70.13.1.el9_0 2022-05-17 16:19:28 +00:00
partial-kgcov-snip.config Sync with a9-beta 2026-05-28 11:47:13 +00:00
patch-5.14-redhat.patch import kernel-5.14.0-284.11.1.el9_2 2023-05-09 05:52:43 +00:00
ppc64le-kvm-support.patch hpsa: bring back deprecated PCI ids #CFHack #CFHack2024 2025-05-23 11:07:05 +00:00
process_configs.sh import CS kernel-5.14.0-427.13.1.el9_4 2024-04-30 16:13:30 +00:00
README.rst import kernel-5.14.0-70.13.1.el9_0 2022-05-17 16:19:28 +00:00
rpminspect.yaml Sync with a9-beta 2026-05-28 11:47:13 +00:00
uki_addons.json import OL kernel-5.14.0-611.9.1.el9_7 2025-11-27 14:08:41 +00:00
uki_create_addons.py import CS kernel-5.14.0-611.5.1.el9_7 2025-11-11 10:54:11 +00:00
update_scripts.sh import CS kernel-5.14.0-427.13.1.el9_4 2024-04-30 16:13:30 +00:00
x509.genkey.centos Fix module signing keys 2022-11-15 12:22:08 +00:00
x509.genkey.rhel Revert OL modifications 2026-05-18 07:12:15 -04:00

README.rst 

===================
The Kernel dist-git
===================

The kernel is maintained in a `source tree`_ rather than directly in dist-git.
The specfile is maintained as a `template`_ in the source tree along with a set
of build scripts to generate configurations, (S)RPMs, and to populate the
dist-git repository.

The `documentation`_ for the source tree covers how to contribute and maintain
the tree.

If you're looking for the downstream patch set it's available in the source
tree with "git log master..ark-patches" or
`online`_.

Each release in dist-git is tagged in the source repository so you can easily
check out the source tree for a build. The tags are in the format
name-version-release, but note release doesn't contain the dist tag since the
source can be built in different build roots (Fedora, CentOS, etc.)

.. _source tree: https://gitlab.com/cki-project/kernel-ark.git
.. _template: https://gitlab.com/cki-project/kernel-ark/-/blob/os-build/redhat/kernel.spec.template
.. _documentation: https://gitlab.com/cki-project/kernel-ark/-/wikis/home
.. _online: https://gitlab.com/cki-project/kernel-ark/-/commits/ark-patches